How can I dump the output of this register , the MSR - IA32_VMX_PROCBASED_CTLS2 , to see whether unrestricted guest mode is supported/enabled?

0

How can I dump the output of this register , the MSR - IA32_VMX_PROCBASED_CTLS2 , to see whether unrestricted guest mode is supported/enabled?

Context is curiosity.

I'm aware that Docker in the case of mac osx, and maybe in the case of Windows, requires unrestricted mode / unrestricted guest mode.

And I read

https://software.intel.com/en-us/forums/virtualization-software-development/topic/277958

"There are a series of MSRs that tell you if a given CPU supports the '1' setting of unrestricted guest and a number of other virtualization features. The specific MSR is IA32_VMX_PROCBASED_CTLS2 and I believe unrestricted guest is bit 7 in the secondary proc controls VMCS field."

i don't know if powershell or wmic will show it. I know win7 32bit has debug(which might possible show it? know debug can show some registers, I have once used debug to move a value into the AX register), though i'm on win7 64bit and that doesn't have debug.

Perhaps somebody that knows a bit of assembly can show what assembler one needs to install and what lines to run, to display the bits of that register?

I'm not really quite enough into assembly to be asking on stackoverflow 'cos at this stage i'm coming at this right now from a 'superuser' angle.

barlop

Posted 2019-04-03T14:00:39.897

Reputation: 18 677

This question is well suited for https://reverseengineering.stackexchange.com/. Moderators may help.

– Biswapriyo – 2019-04-03T14:29:37.743

@Biswapriyo ok so maybe the question is but then, question aside, am I suitable for reverseengineering site, when I haven't even installed or used an assembler? would answers assume any prior/pre-requisite knowledge? – barlop – 2019-04-03T14:34:40.087

For example, OP here didn't install any assembler.

– Biswapriyo – 2019-04-03T14:37:54.527

@Biswapriyo ok thanks. I will ask a different but related question there in a few days, though will leave this one here. – barlop – 2019-04-03T14:38:41.263

Answers

0

I am assuming that there is some tool available in Windows to read and write MSRs as there is one for Linux msr-tools. The tool gives you two command rdmsr and wrmsr. One can read the value of MSRs using rdmsr command. Here is link to one such tool for Window.

There are two VM-execution controls for processor-based execution- Primary Processor-based VM-execution Controls (IA32_VMX_PINBASED_CTLS) and Secondary Processor-based VM-execution Controls (IA32_VMX_PINBASED_CTLS2). The Unrestricted Guest mode bit is a part of IA32_VMX_PINBASED_CTLS2(as already mentioned in the question). The Secondary Processor-based VM-execution Controls is active only when the 31st bit of IA32_VMX_PINBASED_CTLS is 1. (Refer Sec 24.6.2 in Intel SDM)

So we need to first read IA32_VMX_PINBASED_CTLS using rdmsr and check if the 31st bit is 1 or not. If the bit value is 1 then read IA32_VMX_PINBASED_CTLS2 using the same command.

The address for both the MSRs are as follows:

IA32_VMX_PROCBASED_CTLS  - 482H
IA32_VMX_PROCBASED_CTLS2 - 48BH

Command in Linux:

sudo rdmsr 0x482 // To read IA32_VMX_PROCBASED_CTLS
sudo rdmsr 0x48B // To read IA32_VMX_PROCBASED_CTLS2

The output for the rdmsr command is in hexadecimal and we can manually convert that to binary or can use some online tool for the same.

Now we need to check the bit for Unrestricted Guest in IA32_VMX_PROCBASED_CTLS2 and for that, we need to check the bit at position 7(as shown in the following image).

Adding the full IA32_VMX_PROCBASED_CTLS2 structure, just in case you want to check other options too.

enter image description here

A-B

Posted 2019-04-03T14:00:39.897

Reputation: 111

Asked: 2019-04-03T14:00:39.897

Viewed: 382 times

Active: 2019-06-06T19:35:43.263